Commit 359acf77 authored by Varun Wadekar's avatar Varun Wadekar
Browse files

Tegra: enable stack protection



This patch sets ENABLE_STACK_PROTECTOR=strong and implements
the platform support to generate a stack protection canary value.
Signed-off-by: default avatarVarun Wadekar <vwadekar@nvidia.com>
Change-Id: Ia8afe464b5645917b1c77d49305d19c7cd01866a
parent 1a04b2e5
# #
# Copyright (c) 2015-2019, ARM Limited and Contributors. All rights reserved. # Copyright (c) 2015-2019, ARM Limited and Contributors. All rights reserved.
# Copyright (c) 2020, NVIDIA Corporation. All rights reserved.
# #
# SPDX-License-Identifier: BSD-3-Clause # SPDX-License-Identifier: BSD-3-Clause
# #
...@@ -32,3 +33,7 @@ BL31_SOURCES += drivers/delay_timer/delay_timer.c \ ...@@ -32,3 +33,7 @@ BL31_SOURCES += drivers/delay_timer/delay_timer.c \
${COMMON_DIR}/tegra_platform.c \ ${COMMON_DIR}/tegra_platform.c \
${COMMON_DIR}/tegra_pm.c \ ${COMMON_DIR}/tegra_pm.c \
${COMMON_DIR}/tegra_sip_calls.c ${COMMON_DIR}/tegra_sip_calls.c
ifneq ($(ENABLE_STACK_PROTECTOR), 0)
BL31_SOURCES += ${COMMON_DIR}/tegra_stack_protector.c
endif
/*
* Copyright (c) 2020, NVIDIA Corporation. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <stdint.h>
#include <arch_helpers.h>
#include <lib/mmio.h>
#include <plat/common/platform.h>
#include <platform_def.h>
u_register_t plat_get_stack_protector_canary(void)
{
u_register_t seed;
/*
* Ideally, a random number should be returned instead. As the
* platform does not have any random number generator, this is
* better than nothing, but not really secure.
*/
seed = mmio_read_32(TEGRA_MISC_BASE + HARDWARE_REVISION_OFFSET);
seed <<= 32;
seed |= mmio_read_32(TEGRA_TMRUS_BASE);
return seed ^ read_cntpct_el0();
}
...@@ -49,6 +49,9 @@ ENABLE_TEGRA_WDT_LEGACY_FIQ_HANDLING ?= 0 ...@@ -49,6 +49,9 @@ ENABLE_TEGRA_WDT_LEGACY_FIQ_HANDLING ?= 0
# Flag to allow relocation of BL32 image to TZDRAM during boot # Flag to allow relocation of BL32 image to TZDRAM during boot
RELOCATE_BL32_IMAGE ?= 0 RELOCATE_BL32_IMAGE ?= 0
# Enable stack protection
ENABLE_STACK_PROTECTOR := strong
include plat/nvidia/tegra/common/tegra_common.mk include plat/nvidia/tegra/common/tegra_common.mk
include ${SOC_DIR}/platform_${TARGET_SOC}.mk include ${SOC_DIR}/platform_${TARGET_SOC}.mk
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment